-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
expires doesn't work for facebook's oauth2 #77
Comments
I may be misunderstanding, but as far as i can tell, It was made so that expires is pared to an int if it is a string. Expires isn't coerced to a timestamp. I think it may ultimately be stored on the struct as a timestamp, but expires itself is converted to an integer of seconds in the future. It was to resolve this: #58 an API from Honeywell that was using "expires_in" |
@jeffutter that's how I understand it as well. |
yeah guys, but looking at the code I don't see This is what I found in the code (
Maybe it should be something like this?
What I mean is, should |
Another thing that comes on my mind is we might just change the struct to:
And make the developer of strategy be responsible to use |
Ultimately, When you get this value from the provider (Facebook), and you store the token somewhere, and then use it again, how can you tell if it's expired or not without converting the expires in seconds, to a timestamp? If Facebook is sending a timestamp already, then the value is simply converted from a string to an integer and stored in the @kelostrada does this help? |
The case is as a user of Ah and facebook as far as I know doesn't send timestamp in the response but just the field |
Ok. Got it. Which version of the Facebook API are you using? Looking [here](scroll to the very bottom), they seem to be sending an If we're not handling things properly, I agree that it needs to be fixed. We just need to figure out exactly how to proceed. Also, the |
Im not sure right now :/ i will sit to this tomorrow cause right now im not available anymore, but what I can tell you is I'm just using ueberauth_facebook package and as far as I checked they do not send expires_in, maybe some older API is used by this package. I will check that tomorrow, but I know for sure now that oauth2 package handles expires field just by directly converting it to int, it doesn't try to interpret it as time stamp. |
What about changing:
To
Note: expires -> expires_at at the end. Without testing it, I think that may fix this issue.... however I'm guessing it was that way for a reason, and that would break other things. It sounds like, perhaps, some APIs send expires as an isn't of seconds and some as a time stamp? |
About expires field being sometimes sent as seconds and sometimes as timestamp - that was the same thing I was wondering. That's why I suggested changing the structure of AccessToken if that was the case. |
Wasn't that your idea to introduce What I mean is that before your PR this would work exactly this way if |
If you look at the original comment by @jeffutter in #58, it looks like
So, the correct handling should simply be to run PR welcome! |
Wait a minute...that key is |
Okay, i can prepare a PR with removal of |
Referencing #59 @jeffutter
Facebook's oauth2 returns
expires
field as a number of seconds for the token to expire. The referenced PR made it this way thatexpires
is interpreted as atimestamp
on which the token will expire, not the number of seconds till the expiration. What is the basis for this decision?The text was updated successfully, but these errors were encountered: